CVE-2018-20250: WinRAR Absolute Path Traversal Vulnerability
First published: Tue Feb 05 2019(Updated: )
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
Credit: cve@checkpoint.com cve@checkpoint.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WinRAR | <=5.61 | |
| WinRAR | ||
| <=5.61 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html
- http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace
- http://www.securityfocus.com/bid/106948
- https://github.com/blau72/CVE-2018-20250-WinRAR-ACE
- https://research.checkpoint.com/extracting-code-execution-from-winrar/
- https://www.exploit-db.com/exploits/46552/
- https://www.exploit-db.com/exploits/46756/
- https://www.win-rar.com/whatsnew.html
- https://nvd.nist.gov/vuln/detail/CVE-2018-20250
Frequently Asked Questions
What is CVE-2018-20250?
CVE-2018-20250 is a path traversal vulnerability in WinRAR versions prior to and including 5.61.
How does CVE-2018-20250 affect WinRAR?
CVE-2018-20250 allows an attacker to manipulate the filename field in the ACE format, resulting in a path traversal vulnerability.
Who is affected by CVE-2018-20250?
Users of WinRAR versions prior to and including 5.61 are affected by CVE-2018-20250.
What is the severity of CVE-2018-20250?
CVE-2018-20250 has a severity rating of 7.8 (High).
How can CVE-2018-20250 be fixed?
To fix CVE-2018-20250, users should update to a version of WinRAR that is later than 5.61.
- agent/type
- agent/description
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/source
- agent/tags
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- collector/nvd-index
- vendor/rarlab
- canonical/winrar
- version/winrar/5.61